WO2006113206B1 - Providing fresh session keys - Google Patents

Providing fresh session keys

Info

Publication number
WO2006113206B1
Authority
WO
WIPO (PCT)
Prior art keywords
key material
random number
bootstrapping
user equipment
network application
Prior art date
Application number
PCT/US2006/013283
Other languages
French (fr)
Other versions
WO2006113206A1 (en)
Inventor
Sarvar Patel
Original Assignee
Lucent Technologies Inc
Sarvar Patel
Priority date
Filing date
Publication date
Application filed by Lucent Technologies Inc, Sarvar Patel
Priority to EP06740801.3A (EP1872513B1)
Priority to JP2008507708A (JP5080449B2)
Priority to CN2006800127472A (CN101160779B)
Priority to KR1020077023862A (KR101240069B1)
Publication of WO2006113206A1
Publication of WO2006113206B1

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
                                • H04L 9/0841 Key agreement involving Diffie-Hellman or related key agreement protocols
                                    • H04L 9/0844 Key agreement involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
                        • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L 9/0869 Generation of secret information involving random numbers or seeds
                    • H04L 9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/06 Network security for supporting key management in a packet data network
                    • H04L 63/08 Network security for authentication of entities
                • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00)
                    • H04L 2209/80 Wireless
                • H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00
                    • H04L 2463/061 Applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
                        • H04W 12/043 Key management using a trusted network node as an anchor
                            • H04W 12/0431 Key distribution or pre-distribution; Key agreement

Abstract

The present invention provides a method of key material generation in which the key material is used to authenticate communication for user equipment and at least one network application function. The method includes providing a bootstrapping identifier associated with first key material and a first random number, receiving information indicative of a second random number, and forming second key material based upon the first key material, the first random number, and the second random number.

Claims

AMENDED CLAIMS (received by the International Bureau on 11 October 2006)

1. A method of key material generation for authenticating communication between at least one network application and a user equipment, the user equipment having first key material shared with a server and second key material shared with a bootstrapping entity, the second key material being formed by the bootstrapping entity based on the first key material, the method CHARACTERIZED BY: providing, to said at least one network application, a bootstrapping identifier indicative of the second key material and a first random number; receiving, from said at least one network application, information indicative of at least one second random number; and forming at least one third key material based upon the second key material, the first random number, and said at least one second random number.

2. The method of claim 1, comprising determining the first random number.

3. The method of claim 1, wherein receiving information indicative of the second random number comprises receiving the information indicative of the second random number in response to providing the information indicative of the second key material and the first random number.

4. The method of claim 1, comprising establishing a secure connection between the user equipment and said at least one network application function using said at least one third key material.

5. A method of key material generation for authenticating communication between at least one network application and a user equipment, the user equipment having first key material shared with a server and second key material shared with a bootstrapping entity, the second key material being formed by the bootstrapping entity based on the first key material, the method CHARACTERIZED BY: receiving, from the user equipment, a bootstrapping identifier indicative of the second key material and a first random number; determining a second random number; providing, to the bootstrapping entity, the bootstrapping identifier indicative of the second key material and the first and second random numbers; and receiving, from the bootstrapping entity, third key material formed using the bootstrapping identifier associated with the second key material and the first and second random numbers.

6. The method of claim 5, wherein determining the second random number comprises determining the second random number in response to receiving the information indicative of the second key material and the first random number.

7. The method of claim 5, comprising: providing the second random number to said user equipment; and establishing a secure connection between the user equipment and said at least one network application function using the third key material.

8. A method of key material generation for authenticating communication between at least one network application and a user equipment, the user equipment having first key material shared with a server and second key material shared with a bootstrapping entity, the second key material being formed by the bootstrapping entity based on the first key material, the method CHARACTERIZED BY: receiving, from said at least one network application, a bootstrapping identifier associated with the second key material and first and second random numbers; accessing the second key material based upon the bootstrapping identifier associated with the first key material; and forming third key material based upon the second key material and the first and second random numbers.

9. The method of claim 8, comprising providing the second random number to said at least one network application function.

10. The method of claim 8, comprising providing the third key material to said at least one network application function.
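The three-party exchange described by the abstract and by claims 1, 5 and 8 (UE sends B-TID and its nonce to the NAF; the NAF adds its own nonce and asks the BSF for a key; the BSF derives the session key from the bootstrapped key and both nonces; the NAF returns its nonce to the UE, which derives the same key) is shown below as an added example. It is not code from the patent or from Lucent. The claims name no key derivation function, nonce size or key-confirmation step, so HMAC-SHA256 over a labelled, length-prefixed input, 128-bit nonces, the confirmation tag the NAF returns, the party and identifier names, and the constructed Ks are all assumptions made here. The NAF-to-BSF channel is assumed to be mutually authenticated and is not modelled.

```python
"""Fresh per-session NAF keys from a bootstrapped key Ks plus two nonces.

Parties: UE (user equipment), NAF (network application function), BSF
(bootstrapping server function).  Ks is already shared between UE and BSF
and indexed by the bootstrapping identifier B-TID; that earlier bootstrapping
run, and the authenticated NAF<->BSF transport, are out of scope here.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # assumption: 128-bit RAND_UE / RAND_NAF
KEY_LEN = 32     # assumption: 256-bit session key


def kdf(ks: bytes, naf_id: bytes, rand_ue: bytes, rand_naf: bytes) -> bytes:
    """Derive the session key from Ks, the NAF identity and both nonces.
    HMAC-SHA256 with a label and length-prefixed fields is an assumption;
    the patent text names no KDF.  Either nonce changing changes the key."""
    def lp(x: bytes) -> bytes:
        return len(x).to_bytes(2, "big") + x
    info = b"fresh-Ks_NAF" + lp(naf_id) + lp(rand_ue) + lp(rand_naf)
    return hmac.new(ks, info, hashlib.sha256).digest()[:KEY_LEN]


def confirm_tag(key: bytes, role: bytes, rand_ue: bytes, rand_naf: bytes) -> bytes:
    """Key-confirmation MAC over both nonces (assumption, not in the claims):
    lets the UE detect a RAND_NAF altered in transit before it uses the key."""
    return hmac.new(key, role + rand_ue + rand_naf, hashlib.sha256).digest()


class BSF:
    def __init__(self) -> None:
        self._ks_by_btid: dict[str, bytes] = {}

    def bootstrap(self, btid: str, ks: bytes) -> None:
        """Record the outcome of an earlier bootstrapping run (not modelled)."""
        self._ks_by_btid[btid] = ks

    def derive(self, btid: str, naf_id: bytes, rand_ue: bytes, rand_naf: bytes) -> bytes:
        """Claim 8: look Ks up by B-TID, derive the key from Ks and both nonces."""
        ks = self._ks_by_btid.get(btid)
        if ks is None:
            raise KeyError("unknown or expired B-TID")
        if len(rand_ue) != NONCE_LEN or len(rand_naf) != NONCE_LEN:
            raise ValueError("nonce has wrong length")
        return kdf(ks, naf_id, rand_ue, rand_naf)


class NAF:
    def __init__(self, naf_id: bytes, bsf: BSF) -> None:
        self.naf_id, self.bsf = naf_id, bsf

    def handle(self, btid: str, rand_ue: bytes) -> tuple[bytes, bytes, bytes]:
        """Claim 5: pick RAND_NAF, send B-TID and both nonces to the BSF, get the
        key back; return RAND_NAF (plus confirmation tag) for the UE."""
        rand_naf = secrets.token_bytes(NONCE_LEN)
        key = self.bsf.derive(btid, self.naf_id, rand_ue, rand_naf)
        return rand_naf, confirm_tag(key, b"NAF", rand_ue, rand_naf), key


class UE:
    def __init__(self, btid: str, ks: bytes) -> None:
        self.btid, self.ks = btid, ks
        self.rand_ue = b""

    def start(self) -> tuple[str, bytes]:
        """Claim 1, first step: fresh RAND_UE sent with the B-TID to the NAF."""
        self.rand_ue = secrets.token_bytes(NONCE_LEN)
        return self.btid, self.rand_ue

    def finish(self, naf_id: bytes, rand_naf: bytes, tag: bytes) -> bytes:
        """Claim 1, last step: derive the same key from Ks and both nonces."""
        key = kdf(self.ks, naf_id, self.rand_ue, rand_naf)
        if not hmac.compare_digest(tag, confirm_tag(key, b"NAF", self.rand_ue, rand_naf)):
            raise ValueError("key confirmation failed: RAND_NAF or tag was altered")
        return key


def run_session(ue: UE, naf: NAF) -> tuple[bytes, bytes]:
    """One full run; returns (UE key, NAF key), which must be equal."""
    btid, rand_ue = ue.start()                          # UE  -> NAF
    rand_naf, tag, naf_key = naf.handle(btid, rand_ue)  # NAF <-> BSF, NAF -> UE
    return ue.finish(naf.naf_id, rand_naf, tag), naf_key


def demo() -> bool:
    """Two sessions on the same Ks/B-TID agree on a key and get different keys."""
    ks = secrets.token_bytes(32)                        # constructed Ks
    btid = "btid-example@bsf.example"                   # constructed B-TID
    bsf = BSF()
    bsf.bootstrap(btid, ks)
    ue, naf = UE(btid, ks), NAF(b"naf.example", bsf)
    k1_ue, k1_naf = run_session(ue, naf)
    k2_ue, k2_naf = run_session(ue, naf)
    return k1_ue == k1_naf and k2_ue == k2_naf and k1_ue != k2_ue


if __name__ == "__main__":
    print("keys agree within a session and differ across sessions:", demo())
```

Because the BSF folds the NAF's own nonce into the derivation, a replayed RAND_UE from a recorded session yields a new key rather than the old one, and the UE cannot be steered back to a previously used key by an attacker who only controls the UE-to-NAF leg; the confirmation tag additionally stops a silently substituted RAND_NAF from producing mismatched keys that surface only later as undecryptable traffic.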

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP06740801.3A EP1872513B1 (en) 2005-04-18 2006-04-10 Providing fresh session keys
JP2008507708A JP5080449B2 (en) 2005-04-18 2006-04-10 Providing a new session key
CN2006800127472A CN101160779B (en) 2005-04-18 2006-04-10 Providing fresh session keys
KR1020077023862A KR101240069B1 (en) 2005-04-18 2006-04-10 Providing fresh session keys

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/108,610 US7558957B2 (en) 2005-04-18 2005-04-18 Providing fresh session keys

Publications (2)

Publication Number Publication Date
WO2006113206A1 (en) 2006-10-26
WO2006113206B1 (en) 2007-01-18

Family

ID=36678567

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/013283 WO2006113206A1 (en) 2005-04-18 2006-04-10 Providing fresh session keys

Country Status (6)

Country Link
US (1) US7558957B2 (en)
EP (1) EP1872513B1 (en)
JP (1) JP5080449B2 (en)
KR (1) KR101240069B1 (en)
CN (1) CN101160779B (en)
WO (1) WO2006113206A1 (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8046824B2 (en) * 2005-04-11 2011-10-25 Nokia Corporation Generic key-decision mechanism for GAA
JP4741664B2 (en) * 2005-07-07 2011-08-03 Telefonaktiebolaget LM Ericsson (publ) Method and apparatus for authentication and privacy
US7835528B2 (en) * 2005-09-26 2010-11-16 Nokia Corporation Method and apparatus for refreshing keys within a bootstrapping architecture
CN101039181B (en) * 2006-03-14 2010-09-08 Huawei Technologies Co., Ltd. Method for preventing service function entity of general authentication framework from attack
US8407482B2 (en) * 2006-03-31 2013-03-26 Avaya Inc. User session dependent URL masking
DE102006054091B4 (en) * 2006-11-16 2008-09-11 Siemens Ag Bootstrapping procedure
DE202007018369U1 (en) * 2006-11-18 2008-07-31 Dica Technologies Gmbh Device for the secure generation and management of keys and their use in networks for the secure transmission of data
KR101447726B1 (en) * 2006-12-08 2014-10-07 Electronics and Telecommunications Research Institute (ETRI) The generation method and the update method of authorization key for mobile communication
KR20100044199A (en) * 2007-07-04 2010-04-29 Koninklijke Philips Electronics N.V. Network and method for initializing a trust center link key
CN101163010B (en) * 2007-11-14 2010-12-08 Huawei Software Technologies Co., Ltd. Method of authenticating request message and related equipment
EP3079298B1 (en) * 2007-11-30 2018-03-21 Telefonaktiebolaget LM Ericsson (publ) Key management for secure communication
ES2687238T3 (en) * 2008-02-25 2018-10-24 Nokia Solutions And Networks Oy Secure boot architecture method based on password-based summary authentication
US20090287929A1 (en) * 2008-05-15 2009-11-19 Lucent Technologies Inc. Method and apparatus for two-factor key exchange protocol resilient to password mistyping
PL2528268T6 (en) * 2008-06-06 2022-04-25 Telefonaktiebolaget LM Ericsson (publ) Cryptographic key generation
CN101784048B (en) * 2009-01-21 2014-01-01 ZTE Corporation Method and system for dynamically updating identity authentication and secret key agreement of secret key
US8943321B2 (en) 2009-10-19 2015-01-27 Nokia Corporation User identity management for permitting interworking of a bootstrapping architecture and a shared identity service
PT2695410T (en) * 2011-04-01 2017-05-23 ERICSSON TELEFON AB L M (publ) Methods and apparatuses for avoiding damage in network attacks
EP2774068A4 (en) * 2011-10-31 2015-08-05 Security mechanism for external code
CN105706390B (en) * 2013-10-30 2020-03-03 Samsung Electronics Co., Ltd. Method and apparatus for performing device-to-device communication in a wireless communication network
JP6708626B2 (en) * 2014-05-02 2020-06-10 Koninklijke KPN N.V. Method and system for providing security from a wireless access network
US10678927B2 (en) * 2017-08-31 2020-06-09 Texas Instruments Incorporated Randomized execution countermeasures against fault injection attacks during boot of an embedded device
EP3718330A4 (en) * 2017-11-29 2021-05-26 Telefonaktiebolaget LM Ericsson (publ) Session key establishment
US11089480B2 (en) * 2018-11-30 2021-08-10 Apple Inc. Provisioning electronic subscriber identity modules to mobile wireless devices
CN112054906B (en) * 2020-08-21 2022-02-11 Zhengzhou Xinda Jiean Information Technology Co., Ltd. Key negotiation method and system
WO2023043724A1 (en) * 2021-09-17 2023-03-23 Qualcomm Incorporated Securing application communication

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5534857A (en) 1991-11-12 1996-07-09 Security Domain Pty. Ltd. Method and system for secure, decentralized personalization of smart cards
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment
EP1125396A2 (en) * 1998-10-30 2001-08-22 Certco Incorporated Incorporating shared randomness into distributed cryptography
SE517116C2 (en) * 2000-08-11 2002-04-16 Ericsson Telefon Ab L M Method and device for secure communication services
JP2002344438A (en) * 2001-05-14 2002-11-29 Nippon Telegraph & Telephone Corp (NTT) Key sharing system, key sharing device and program thereof
US8140845B2 (en) * 2001-09-13 2012-03-20 Alcatel Lucent Scheme for authentication and dynamic key exchange
US20030093663A1 (en) 2001-11-09 2003-05-15 Walker Jesse R. Technique to bootstrap cryptographic keys between devices
US7607015B2 (en) 2002-10-08 2009-10-20 Koolspan, Inc. Shared network access using different access keys
PT1854263E (en) * 2005-02-04 2011-07-05 Qualcomm Inc Secure bootstrapping for wireless communications

Also Published As

Publication number Publication date
US20060236106A1 (en) 2006-10-19
CN101160779A (en) 2008-04-09
KR101240069B1 (en) 2013-03-06
KR20070122491A (en) 2007-12-31
JP2008537445A (en) 2008-09-11
EP1872513B1 (en) 2018-01-10
EP1872513A1 (en) 2008-01-02
CN101160779B (en) 2013-04-03
JP5080449B2 (en) 2012-11-21
WO2006113206A1 (en) 2006-10-26
US7558957B2 (en) 2009-07-07

Similar Documents

Publication Publication Date Title
WO2006113206B1 (en) Providing fresh session keys
US8726022B2 (en) Method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely
WO2004003679A3 (en) Method of registering home address of a mobile node with a home agent
DE602004003856T2 (en) Method and device for authentication in a communication system
He et al. Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks
CA2403521A1 (en) Authentication in a packet data network
CA2517474A1 (en) Fast re-authentication with dynamic credentials
JP2004297783A5 (en)
WO2007063420A3 (en) Authentication in communications networks
CA2289452A1 (en) Initial secret key establishment including facilities for verification of identity
EP1001570A3 (en) Efficient authentication with key update
US20060209843A1 (en) Secure spontaneous associations between networkable devices
WO2005065132B1 (en) System, method, and devices for authentication in a wireless local area network (wlan)
CA2335172A1 (en) Secure mutual network authentication and key exchange protocol
WO2004046849A3 (en) Cryptographic methods and apparatus for secure authentication
WO2008048179A3 (en) Cryptographic key management in communication networks
JP2008538482A5 (en)
JP2002026899A (en) Verification system for ad hoc wireless communication
CA2518032A1 (en) Methods and software program product for mutual authentication in a communications network
JP2008537445A5 (en)
WO2008008014A9 (en) Method and arrangement for authentication procedures in a communication network
Dao et al. Achievable multi-security levels for lightweight IoT-enabled devices in infrastructureless peer-aware communications
WO2009008641A3 (en) Node authentication and node operation methods within service and access networks in ngn environment
KR20100133469A (en) Methods and apparatus for authenticated user-access to kerberos-enabled applications based on an authentication and key agreement(aka) mechanism
US9143482B1 (en) Tokenized authentication across wireless communication networks

Legal Events

Code Title Description
WWE WIPO information: entry into national phase. Ref document number: 200680012747.2. Country of ref document: CN
121 EP: the EPO has been informed by WIPO that EP was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (PCT application filed from 20040101)
WWE WIPO information: entry into national phase. Ref document number: 2006740801. Country of ref document: EP
WWE WIPO information: entry into national phase. Ref document number: 4495/CHENP/2007. Country of ref document: IN
WWE WIPO information: entry into national phase. Ref document number: 1020077023862. Country of ref document: KR
ENP Entry into the national phase. Ref document number: 2008507708. Country of ref document: JP. Kind code of ref document: A
NENP Non-entry into the national phase. Ref country code: DE
NENP Non-entry into the national phase. Ref country code: RU
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (PCT application filed from 20040101)